[CERT-daily] Tageszusammenfassung - Dienstag 29-07-2014

Daily end-of-shift report team at cert.at
Tue Jul 29 18:11:57 CEST 2014


=======================
= End-of-Shift report =
=======================

Timeframe:   Montag 28-07-2014 18:00 − Dienstag 29-07-2014 18:00
Handler:     Alexander Riepl
Co-Handler:  n/a



*** Critroni/Onion - Newest Addition to Encrypting Ransomware ***
---------------------------------------------
In my last blog post about a week ago, I talked about how Cryptolocker and the like are not dead and we will continue to see more of them in action. It's a successful 'business model' and I don't see it going away anytime soon. Not even a few days after my post a new encrypting ransomware emerged. This ..
---------------------------------------------
http://www.webroot.com/blog/2014/07/25/critroni-new-encrypting-ransomware/




*** Interesting HTTP User Agent "chroot-apach0day", (Mon, Jul 28th) ***
---------------------------------------------
Our reader Robin submitted the following detect:  Ive got a site that was scanned this morning by a tool that left these entries in the logs: [HTTP_USER_AGENT] => chroot-apach0day ..
---------------------------------------------
https://isc.sans.edu/diary.html?storyid=18453




*** Cisco Prime Data Center Network Manager Input Validation Flaw Permits Cross-Site Scripting Attacks ***
---------------------------------------------
http://www.securitytracker.com/id/1030652




*** Hacker klauten Pläne für Israels Raketenschild "Iron Dome" ***
---------------------------------------------
Bei einem Hackerangriff auf drei israelische Waffenschmieden sollen Hacker der chinesischen Regierung in den Jahren 2011 und 2012 haufenweise wichtige Daten zu dem Raketenabwehrsystem erbeutet haben. Die Angreifer sollen der Spezialeinheit 61398 angehören.
---------------------------------------------
http://www.heise.de/security/meldung/Hacker-klauten-Plaene-fuer-Israels-Raketenschild-Iron-Dome-2272329.html




*** Android crypto blunder exposes users to highly privileged malware ***
---------------------------------------------
The majority of devices running Google's Android operating system are susceptible to hacks that allow malicious apps to bypass a key security sandbox so they can steal user credentials, read e-mail, and access payment histories and other sensitive data, researchers have warned.
---------------------------------------------
http://arstechnica.com/security/2014/07/android-crypto-blunder-exposes-users-to-highly-privileged-malware/




*** Changes in the Asprox Botnet ***
---------------------------------------------
In this blog post, we took a quick overview of Asprox's functions and saw the updates that it has made to its C&C code. With added RSA encryption, another C&C command, and updated messaging format, it does not look like Asprox will stop evolving. We will continue to monitor Asprox for any changes and will keep you updated.
---------------------------------------------
https://blog.fortinet.com/Changes-in-the-Asprox-Botnet/




*** How Cybercrime Exploits Digital Certificates ***
---------------------------------------------
Security experts recognize 2011 as the worst year for certification authorities. The number of successful attacks against major companies reported during the year has no precedent, many of them had serious consequences.
---------------------------------------------
http://resources.infosecinstitute.com/cybercrime-exploits-digital-certificates/




*** Security: Antivirenscanner machen Rechner unsicher ***
---------------------------------------------
Ein Datenexperte hat sich aktuelle Virenscanner angesehen. Viele seien durch einfache Fehler angreifbar, meint er. Da sie tief ins System eingreifen, stellen sie eine besondere Gefahr dar - obwohl sie eigentlich schützen sollen.
---------------------------------------------
http://www.golem.de/news/security-antivirenscanner-machen-rechner-unsicher-1407-108199-rss.html




*** Elasticsearch-Lücke verwandelt Amazon-Cloud-Server in DDoS-Zombies ***
---------------------------------------------
Durch eine Sicherheitslücke in einer älteren Elasticsearch-Version können Angreifer beliebigen Schadcode ausführen. Das wird momentan dazu genutzt, Server in Amazons EC2-Cloud zu kapern und für DDoS-Angriffe zu missbrauchen.
---------------------------------------------
http://www.heise.de/security/meldung/Elasticsearch-Luecke-verwandelt-Amazon-Cloud-Server-in-DDoS-Zombies-2277689.html




*** Multiple vulnerabilities in Oxwall 1.7.0  ***
---------------------------------------------
http://cxsecurity.com/issue/WLB-2014070156
http://cxsecurity.com/issue/WLB-2014070155


More information about the Daily mailing list